AWS Certified Developer Associate (#20)

An application that runs on an Amazon EC2 instance needs to access and make API calls to multiple AWS services. What is the MOST secure way to provide access to the AWS services with MINIMAL management overhead?

Use AWS KMS to store and retrieve credentials.
Use EC2 instance profiles.
Use AWS root user to make requests to the application.
Store and retrieve credentials from AWS CodeCommit.